Is that really neccessary?
Nevermind the bug in RPM that allows you to erase policycoreutlils without
warning. A quick glance at the specfile makes me think that just fixing the
%post scripts to politely look for restorecon before trying to call it.
And policycoreutils has it's own baggage. Help, save us from dep bloat.

THat's my point. When one chooses not to use selinux, then bind should not
create arbitrary dependencies. Especially when:
- the deps are only in %post scripts that can be easily fixed with a simple [
-e /sbin/restorecon ] && /sbin/restorecon yadda
- there already exists an unfixed bug in rpm that prevents enforcement of this
dep until it's too late
In other words, if they have bind and selinux, then restorecon sure. But why
exactly is restorecon needed for bind without selinux? This is arbitrary and
unneccsary complexity. Especially since policycoreutils drags in even *more*
package deps.

I think the best fix could be put "[ -e /selinux/enforce ] && [ -x
/sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1
;" into %if %{selinux} %endif statement. If exists bug in rpm it could be fixed
in future and all could works fine. I'm going to fix this problem in rawhide

Note

You need to
log in
before you can comment on or make changes to this bug.